Part 1 was the intro; now let’s assume that you just bought your EdgeRouter Lite, unboxed it, and plugged it in. Now what? It’s not exactly a plug-and-play device. Fortunately, it’s not too hard to set it up, and there is a lot of help with EdgeOS if you need it.
I started here, which is a pretty handy tutorial for initial setup. The tutorial is all CLI, which you can either access directly via SSH or via the CLI interface in the web console. To connect to your router for the first time, connect via wire to the eth0 port with your client device (and don’t put any other devices on yet), set up a static IP within the 192.168.1.0/24 subnet, and either browse or ssh to 192.168.1.1. Default username and password are ubnt/ubnt, and the first thing you want to do is change that. I added a new admin user with a strong password and deleted the ubnt user; that’s probably the best approach to take.
Once you’ve done that, time to configure your interfaces. I followed the tutorial exactly: eth0 is my wired LAN interface, eth1 is my wireless LAN interface, and eth2 is the WAN interface. I set up DHCP on the WAN interface and configured the respective addresses on eth0 and eth1. Next, just like in the tutorial, I set up the DHCP servers for both eth0 and eth1 (although I use static IPs for the most part within my network). DNS forwarding was next, and easy. I skipped DynDNS since I don’t have it. WAN Masquerading was also very easy. I disabled SNMP since I don’t use it.
The next big step was setting up the firewall rules, and here again I pretty much copied what was in the tutorial. These are simple ACL-based rules assigned to a specific interface with three options for direction: in, out, and local (traffic destined for the router itself). I set up the inbound rule on eth2 to allow established and drop the rest; the local rule was the same. Since we haven’t defined an outbound rule, it pretty much allows all outbound traffic. This passed the good ol’ ShieldsUP! test, which was good enough for me.
Finally, I set up a few of the system settings like DNS servers (Google DNS FTW) and hostname. And that was it!
I plugged my Comcast router into eth2, my wireless-router-turned-access-point into eth1, and crossed my fingers. Lo and behold, it worked! I was able to access the internet no problem. The only change I had to make was the default gateway for all of my clients with static IPs, since I configured the EdgeRouter with a different address.
That was enough to get me up and running. But who wants to stop there? The biggest gap I saw was that the eth0 interface could only handle one wired connection. What I needed was a hub…or a switch…or, better yet, a managed switch! Which is what I got, but that’s part 3.
Below is the configuration file for my initial setup. This is not what I’m running now, but we’ll get there.
[codesyntax lang=”javascript”]
interfaces {
    ethernet eth0 {
        address 192.168.2.254/24
        description "Wired LAN"
        duplex auto
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.254/24
        description "Wireless LAN"
        duplex auto
        speed auto
    }
    ethernet eth2 {
        address dhcp
        description WAN
        duplex auto
        firewall {
            in {
                name WAN-In
            }
            local {
                name WAN-Local
            }
        }
        speed auto
    }
    loopback lo {
    }
}
service {
    dhcp-server {
        disabled false
        dynamic-dns-update {
            enable true
        }
        hostfile-update disable
        shared-network-name LAN_DHCP {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.254
                dns-server 192.168.2.254
                lease 86400
                start 192.168.2.101 {
                    stop 192.168.2.150
                }
            }
        }
        shared-network-name WLAN_DHCP {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.254
                dns-server 192.168.1.254
                lease 86400
                start 192.168.1.101 {
                    stop 192.168.1.150
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 1000
            listen-on eth0
            listen-on eth1
        }
    }
    nat {
        rule 5000 {
            description WAN_MASQ
            log enable
            outbound-interface eth2
            protocol all
            type masquerade
        }
    }
}
system {
    host-name erl1
    login {
        *snip*
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    time-zone America/Chicago
}
[/codesyntax]
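An added example, not part of the original post or of EdgeOS itself: a small Python check that parses a config in the brace-nested layout above and flags a WAN port with no `in` or `local` ruleset attached, a ruleset that is missing or does not default to drop, and a leftover `ubnt` login. The `parse` and `audit` helpers and the sample config are constructed for illustration; eth2 as the WAN port follows the post, and the `firewall { name ... default-action ... }` ruleset layout is an assumption, since the listing above does not include the ruleset definitions.

```python
SAMPLE = """
firewall {
    name WAN-In {
        default-action accept
    }
}
interfaces {
    ethernet eth2 {
        firewall {
            in {
                name WAN-In
            }
        }
    }
}
system {
    login {
        user ubnt {
        }
    }
}
"""  # constructed sample with deliberate gaps; not the author's config

def parse(text):
    """Node lines end in '{', '}' closes a node, other lines are 'key value' leaves."""
    stack = [{}]  # stack[0] is the root node
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        else:
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value)
    return stack[0]

def audit(cfg, wan="eth2"):
    """Return findings for the WAN port's firewall attachment and the default login."""
    findings = []
    attached = cfg.get("interfaces", {}).get(f"ethernet {wan}", {}).get("firewall", {})
    for direction in ("in", "local"):
        names = attached.get(direction, {}).get("name", [])
        if not names:
            findings.append(f"{wan}: no '{direction}' ruleset attached")
        for n in names:
            if cfg.get("firewall", {}).get(f"name {n}", {}).get("default-action") != ["drop"]:
                findings.append(f"{n}: ruleset missing or default-action is not drop")
    if "user ubnt" in cfg.get("system", {}).get("login", {}):
        findings.append("default 'ubnt' user still present")
    return findings
```

Calling `audit(parse(SAMPLE))` returns three findings for the constructed sample; a config with both rulesets attached, both defaulting to drop, and no `ubnt` user returns an empty list.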